P
US7359509B2ExpiredUtilityPatentIndex 62

Method and system for generation of cryptographic keys and the like

Assignee: PITNEY BOWES INCPriority: Dec 1, 2004Filed: Dec 1, 2004Granted: Apr 15, 2008
Est. expiryDec 1, 2024(expired)· nominal 20-yr term from priority
Inventors:CAMPAGNA MATTHEW JYIN YIQUN
H04L 9/0662
62
PatentIndex Score
2
Cited by
10
References
4
Claims

Abstract

A method, and deterministic random bit generator system operating in accordance with the method, for generating cryptographic keys and similar secret cryptographic inputs which are hard to guess. A seed is input from an entropy source; and an initial state is generated as a function of the seed. When a request to generate a cryptographic key is received a current state, where the current state is initially the initial state, is mixed to generate an out put string and a next state and the current state is set to the next state. The requested cryptographic key is generated from the string; and output. These steps can be repeated to generate successive output strings with assurance of forward and backward secrecy. An encryption system including such a generator is also disclosed.

Claims

exact text as granted — not AI-modified
1. A method for cryptograghically securing a message comprising:
 inputting a seed from an entropy source; 
 generating an initial state S j  as a function of said seed; 
 generating a next state S j+1  and an output string y j  by:
 defining a length n for said output string y j , and a parameter HASH_DIGESTSIZE; 
 setting an integer value m equal to the smallest integer greater than length n divided by HASH_DIGESTSIZE; 
 if a user input u j  is supplied, computing a variable V as a hash(u j |S j ), otherwise if a user input u j  is not supplied, computing said variable V as a hash(S j ); 
 setting an index q equal to 1; 
 computing a variable x as a hash function x=hash(V); 
 setting a variable w q  equal to said variable x; 
 computing said variable V as a function V=V+1(mod 2 HASH     —     DIGESTSIZE ); 
 setting said index q equal to q+1; 
 determining if said index q is equal to m+1, and if not, recomputing the variable x as a hash function x=hash(V) and repeating the setting of variable W q , computing said variable V, and setting said index q equal to q+1; 
 when said index q is equal to m+1, computing said output string y j  as n predetermined bits of a concatenation of variables W q , where q equals 1 to m; 
 computing a next state S j+1  as a function (f) of V and y j+1 ; 
 providing said output string y j  for use as a cryptographic key; 
 
 inputting said cryptographic key and said message to a cryptographic engine; and 
 using said cryptographic key in said cryptographic engine to cryptographically secure said message. 
 
   
   
     2. The method of  claim 1 , wherein said initial state is generated by mixing said seed with itself. 
   
   
     3. The method of  claim 2 , wherein said seed is mixed using a hash function. 
   
   
     4. The method of  claim 1 , wherein said function (f)=hash(V+by j+1 +1d), wherein b={0, 1} and dε[0, mod 2 HASH     —     DIGESTSIZE ].

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.